Why can’t I ping my ACE module? Diatribe on service-policy.

I have had this come up a couple of times and thought I would put this here for other people who are new to the Cisco Application Control Engine. You install the module, but you can’t ping it or telnet / SSH to it even though you have it set up correctly?

Configuration

ACE# sh run
Generating configuration....

logging enable
logging console 7
logging buffered 5
logging monitor 5

access-list EVERYONE line 8 extended permit ip any any
access-list EVERYONE line 16 extended permit icmp any any

Now I can see the neighbour in the ARP cache, so I know that there is a physical connection:

Switch#sh arp | i 198.18.1.203
Internet  198.18.1.203  1  001f.ca7b.6029  ARPA  Vlan98
Switch#sh arp | i 198.18.1.204
Internet  198.18.1.203  158  000b.fcfe.1b03  ARPA  Vlan98
Switch#ping 198.18.1.204

And I keep on looking at the configuration and saying, it looks right, dangit, it looks right.

It took me a while to realise that the policy-map wasn’t quite right:

policy-map type management first-match REMOTE_MGMT_POLICY
class REMOTE_ACCESS_PROTOCOLS
permit

Just to remind you, this is the bit that is wrong again:

policy-map type management first-match REMOTE_MGMT_POLICY

It’s subtle, isn’t it?
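An added example, not from the original post and not a statement of what was wrong in the author's configuration: on the ACE, a permit in the access-list alone does not make the module answer ping, Telnet or SSH; a management policy-map also has to be attached to the VLAN interface with service-policy input. The Python below walks that chain in a running-config and reports, per interface, which management protocols the ACE will answer. The sample configuration is constructed (only the policy-map and class names come from the post), and the function names are hypothetical.

```python
# Constructed sample; only the policy-map and class names come from the post.
SAMPLE = """\
class-map type management match-any REMOTE_ACCESS_PROTOCOLS
  2 match protocol ssh any
  3 match protocol icmp any
policy-map type management first-match REMOTE_MGMT_POLICY
  class REMOTE_ACCESS_PROTOCOLS
    permit
interface vlan 98
  access-group input EVERYONE
  service-policy input REMOTE_MGMT_POLICY
interface vlan 99
  access-group input EVERYONE
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command."""
    blocks = []
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        if not line[0].isspace():
            blocks.append((line.split(), []))
        elif blocks:
            blocks[-1][1].append(line.split())
    return blocks

def mgmt_protocols(config):
    """Return {interface: protocols the ACE itself answers on that VLAN}."""
    classes, policies, result = {}, {}, {}
    blocks = parse_blocks(config)
    for head, body in blocks:
        if head[:3] == ["class-map", "type", "management"]:
            classes[head[-1]] = {w[w.index("protocol") + 1] for w in body if "protocol" in w[:3]}
        elif head[:3] == ["policy-map", "type", "management"]:
            permitted, cls = set(), None
            for w in body:
                if w[0] == "class":
                    cls = w[1]
                elif w[0] == "permit" and cls:  # only 'permit' classes count
                    permitted |= classes.get(cls, set())
            policies[head[-1]] = permitted
    for head, body in blocks:
        if head[0] == "interface":
            attached = [w[2] for w in body if w[:2] == ["service-policy", "input"]]
            protos = set().union(*(policies.get(p, set()) for p in attached))
            result[" ".join(head)] = sorted(protos)
    return result

if __name__ == "__main__":
    print(mgmt_protocols(SAMPLE))
```

An interface that maps to an empty list has no management policy attached, which matches the symptom in this post: an ARP entry is present but ping and SSH to the module fail.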

So, the Sermon

I admit that I find the Cisco Common Policy Classification Language more than a little confusing. When the class-maps and policy-maps were used only for QoS I kind of got used to it. Now that the syntax has been extended into ASA Policy, ACE Load Balancing and IOS routing and QoS etc etc etc I am finding the syntax hard to hold in my head. Some of my co-workers have said the same thing.

On the other hand, I can see how the service-policy syntax fits very nicely into an XML schema for remote programming. Since we are heading more towards graphical tools to configure and manage network devices, this makes a kind of sense: they will use XML to do the configuration (that’s what the ‘show xml parser’ command is all about), so it will tend to look a bit like that.

It’s tough on the human brain though.

About Greg Ferro

Human Infrastructure for Data Networks. 25 year survivor of Corporate IT in many verticals, tens of employers working on a wide range of networking solutions and products.

Host of the Packet Pushers Podcast on data networking at http://packetpushers.net, now the largest networking podcast on the Internet.